CryptoLocker 5.1
CryptoLocker 5.1 is ransomware that runs on Microsoft Windows. It is part of the HiddenTear family. It is aimed at Italian-speaking users.

Payload

Transmission

CryptoLocker 5.1 is distributed through email spam and malicious attachments.

Infection

Following system infiltration, CryptoLocker 5.1 encrypts files using RSA-2048 cryptography and appends a ".locked" extension to the name of each encrypted file. For example, "sample.jpg" is renamed to "sample.jpg.locked". Following encryption, CryptoLocker 5.1 opens a pop-up window and creates a "LEGGI.txt" file, placing it on the desktop. Both contain ransom-demand messages.

CryptoLocker 5.1's ransom-demand messages are in Italian and, thus, this virus targets users from Italy. It is stated that files are encrypted using asymmetric cryptography. Asymmetric algorithms generate two keys: a public key for encryption and a private key for decryption. The private key is stored on remote servers owned by cyber criminals. Decryption without this key is impossible - victims must pay a ransom of €130/250. The ransom must be paid in Bitcoin currency and submitted within 48 hours, otherwise the key is deleted and decryption becomes impossible.

The ransom note says the following:

Cos'è Cryptolocker ?
Cryptolocker è un malware appartenente alla famiglia dei ransomware. Questo virus è in grado di criptare con algoritmi asimmetrici i file della vittima. Wikipedia : hxxps://it.wikipedia.org/wiki/CryptoLocker
Come faccio a ripristinare i miei documenti ?
I tuoi documenti,foto,dati e altri file importanti (compresi usb,hard disk,percorsi di rete etc..) sono stati criptati con un algoritmo asimmetrico a due chiavi,pubblica e privata. Tutti i file sopra citati che hanno l'estensione .locked sono stati bloccati, per sbloccarli hai bisogno della chiave privata.
Come ottengo la chiave privata ?
Mentre la chiave pubblica è stata salvata in una directory di sistema del tuo computer, quella privata è stata inviata sul nostro server,per ottenerla devi pagare la cifra di 130 € Appena l'importo sarà accreditato tramite meteodo di pagamento bitcoin riceverai tramite mail la chiave privata e potrai così riavere accesso ai tuoi dati. In caso contrario al termine delle 48h previste per il pagamento del riscatto la chiave privata verrà eliminata e non sarà più possibile recuperare i file.
ATTENZIONE : La rimozione di Cryptolocker non ripristina l'accesso ai file cittografati.

This translates to:

What is Cryptolocker?
Cryptolocker is a malware belonging to the ransomware family. This virus is able to encrypt the victim's files with asymmetric algorithms. Wikipedia: hxxps://it.wikipedia.org/wiki/CryptoLocker
How do I restore my documents?
Your documents, photos, data and other important files (including USB drives, hard disks, network paths, etc.) have been encrypted with an asymmetric algorithm using two keys, public and private. All the files mentioned above that have the .locked extension have been blocked; to unlock them you need the private key.
How do I get the private key?
While the public key has been saved in a system directory of your computer, the private one was sent to our server; to get it you have to pay the sum of 130 €. As soon as the amount is credited via the bitcoin payment method you will receive the private key by email and you will be able to regain access to your data. Otherwise, at the end of the 48 hours allowed for payment of the ransom, the private key will be deleted and it will no longer be possible to recover the files.
ATTENTION: Removing Cryptolocker does not restore access to the encrypted files.

Ransom-demand message presented in CryptoLocker 5.1's text file ("LEGGI.txt"):

Il tuo computer è stato infetta da Cryptolocker !
Tutti i tuoi file sono stati criptati con RSA 2048 bit !!!
Invia il pagamento di 130 euro in bitcoin a : 1HgmpzR3rRGTWpYLUrEvgkhQhfurQCJAcq
+ Cos'è Cryptolocker ?
Cryptolocker è un malware appartenente alla famiglia dei ransomware. Questo virus è in grado di criptare con algoritmi asimmetrici i file della vittima. Wikipedia : hxxps://it.wikipedia.org/wiki/CryptoLocker
+ Come faccio a ripristinare i miei documenti ?
I tuoi documenti,foto,dati e altri file importanti (compresi hard disk esterni,usb,dischi di rete etc..) sono stati criptati con un algoritmo asimmetrico a due chiavi,pubblica e privata. Tutti i file sopra citati che hanno l'estensione .locked sono bloccati,per sbloccari hai bisogno della chiave privata.
+ Come ottengo la chiave privata ?
Mentre la chiave pubblica è stata salvata in una directory di sistema del tuo computer, quella privata è stata inviata sul nostro server,per ottenerla devi pagare la cifra di 250 € Appena l'importo sarà accreditato tramite uno dei metodi di pagamento riceverai tramite mail la chiave privata e potrai così riavere accesso ai tuoi dati. In caso contrario al termine delle 48h previste per il pagamento del riscatto la chiave privata verrà eliminata e non sarà più possibile recuperare i file.
ATTENZIONE : La rimozione di Cryptolocker non ripristina l'accesso ai file cittografati.

This translates to:

Your computer has been infected by Cryptolocker!
All your files have been encrypted with RSA 2048 bit !!!
Send the 130 euro bitcoin payment to: 1HgmpzR3rRGTWpYLUrEvgkhQhfurQCJAcq
+ What is Cryptolocker?
Cryptolocker is a malware belonging to the ransomware family. This virus is able to encrypt the victim's files with asymmetric algorithms. Wikipedia: hxxps://it.wikipedia.org/wiki/CryptoLocker
+ How do I restore my documents?
Your documents, photos, data and other important files (including external hard drives, USB drives, network disks, etc.) have been encrypted with an asymmetric algorithm using two keys, public and private. All the files mentioned above that have the .locked extension are blocked; to unlock them you need the private key.
+ How do I get the private key?
While the public key has been saved in a system directory of your computer, the private one was sent to our server; to get it you have to pay the sum of 250 €. As soon as the amount is credited by one of the payment methods you will receive the private key by email and you will be able to regain access to your data. Otherwise, at the end of the 48 hours allowed for payment of the ransom, the private key will be deleted and it will no longer be possible to recover the files.
ATTENTION: Removing Cryptolocker does not restore access to the encrypted files.
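
The on-disk indicators described on this page (the appended ".locked" extension, the "LEGGI.txt" note and the Bitcoin address quoted in it) can be swept for during triage of a suspected host or file share. The Python example below is added here and is not part of the original page; the function names, the two-marker threshold, the double-extension rule and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Indicators from the page: appended extension, note file name, note wording.
LOCKED_EXT = ".locked"
NOTE_NAME = "leggi.txt"
NOTE_MARKERS = ("cryptolocker", "chiave privata", ".locked")
# Shape of a legacy Base58 Bitcoin address, like the one in the quoted note.
BTC_RE = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")


def triage(root):
    """Walk root and collect renamed files, ransom notes and payment addresses."""
    report = {"locked": [], "notes": [], "btc": set()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            # "sample.jpg.locked": the original extension survives in the stem
            # (assumption: only files that had an extension are reported).
            if lower.endswith(LOCKED_EXT) and "." in name[:-len(LOCKED_EXT)]:
                report["locked"].append(path)
            elif lower == NOTE_NAME:
                try:
                    with open(path, encoding="utf-8", errors="replace") as fh:
                        text = fh.read(64 * 1024)  # notes are small; cap the read
                except OSError:
                    continue  # unreadable file: skip it, keep sweeping
                # Assumed threshold: the file name alone is weak evidence.
                if sum(m in text.lower() for m in NOTE_MARKERS) >= 2:
                    report["notes"].append(path)
                    report["btc"].update(BTC_RE.findall(text))
    return report


def build_sample_tree(root):
    """Constructed sample data: two renamed files, one benign file, one note."""
    os.makedirs(os.path.join(root, "Desktop"))
    note = ("Cryptolocker: i file .locked richiedono la chiave privata. "
            "bitcoin a : 1HgmpzR3rRGTWpYLUrEvgkhQhfurQCJAcq\n")
    files = {"sample.jpg.locked": "x", "budget.xlsx.locked": "x", "todo.txt": "x",
             os.path.join("Desktop", "LEGGI.txt"): note}
    for rel, body in files.items():
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(triage(tmp))
```

Any addresses the sweep extracts from a note can be compared with the one quoted above to confirm the variant.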